Wednesday, July 9, 2008

July 8: Microsoft Security Update Gets an F

F is short for Fail, and Microsoft got a failing grade from me on its latest security update for Windows XP (KB951748). Upon installation, tens of thousands of users lost Internet connectivity.

Security Update for Windows XP (KB951748) addresses a serious problem and it should be installed. Unfortunately, this update does not work well with Check Point's ZoneAlarm, a widely used software firewall.

Microsoft's grade was based solely on its failure to test or detect compatibility problems with ZoneAlarm.

Internet Connectivity Shut OffOnce the update was installed, ZoneAlarm detected suspicious activity in the Windows XP kernel and disabled network traffic. It did what it was designed to do.

The Blame BeginsZoneAlarm is made to block suspect intrusions and extrusions. Many people are blaming ZoneAlarm for the problem, but I do not think it is their fault. Firewalls are under frequent attack, and ingenious ways of selectively allowing or blocking network traffic enables ZoneAlarm to be effective.

Unless Check Point had prior access to the update, the blame rests with Microsoft. Microsoft needed to test their update on computers with ZoneAlarm installed. If they discovered an incompatibility, they should have contacted Check Point to work out a temporary or permanent solution.

Microsoft knows that hundreds of thousands of its users also use ZoneAlarm: Check Point does not know what is in the security update and how it was implemented.

I lost over two hours trying to diagnose and fix the problem. This could have been avoided easily.

Initially, Check Point recommended uninstalling the new security update. That is bad advice because the security update is needed. The alternative is uninstalling or weakening ZoneAlarm, but that might be worse than removing the update.

Newly-patched ZoneAlarm Versions are AvailableTo enable Internet access with Microsoft's security update; Check Point patched its ZoneAlarm product line. If users can get online, new versions (as of July 9, 2008) are available for the following products:

New Pages on IAPS.COM

Feeds

IAPS

Founded in 1977, IAPS is a leading international training and consulting firm that designs and presents educational programs for technical professionals and managers. IAPS provides technical experts to assist organizations with assessment, design and implementation of leading edge software for electronic products and complex IT systems. IAPS also provides technical litigation support services on intellectual property matters in addition to technical training support services and education consulting.